HIPAA compliance is tricky, and when you add its affiliated Rules — Privacy Rule, Security Rule, Breach Notification Rule — and the HITECH Act, it gets trickier. You must create and document policies and procedures governing matters like privacy and confidentiality, notice of privacy practices, marketing, fundraising, sales, the minimum necessary rule, disclosures, employee training, access to PHI, etc. Most critical, however, is risk assessment, which begins with vulnerability assessment and penetration testing.
HIPAA Institute has designed a new service to help you identify vulnerabilities in your IT setup and secure all loose ends. When you get the Vulnerability Assessment and Penetration Testing service, you buy peace of mind and secure compliance best practices.
The first route via which any cyberattack can occur is obviously your servers. You must get your servers — Windows servers or Linux servers — as well as routers, firewalls, storage devices, and switches tested as part of the internal vulnerability assessment. It should be noted that Windows desktops, especially those running older OS versions, are more susceptible to attacks than others. For external penetration testing, any public IPs that your organization uses should be vetted appropriately. Efforts to identify known vulnerabilities in software, configuration, and architecture will enable secure coding and configuration.
HIPAA Institute customizes the entire process instead of relying on standard scanners to review and prevent insecure patch management and ensure secure configuration. Your IT network is thoroughly mapped. The techniques used by hackers are simulated to identify potential vulnerabilities to external threats by understanding what could happen in a complex scenario.
Testing, fixing, and then re-testing will ensure that you keep patient accounting systems, electronic health records, health maintenance and case management information, digital recordings of diagnostic images, electronic test results, and any other relevant electronic records secure, and that the integrity of the data is ensured.